> > One complication for USB -- not shared with any of the more > > traditional device models! -- is hotplugging. Devices can be, > > and are, added/removed at any time. They can move around. > > The primary policy hook for security is to name a device. But > > hotplugging means those names can change... > > But you control hotplugging.
Who is "you"? The sysadmin who's trying to set up a secure system? Or the end user? As a developer, I surely do NOT have any control over what either of those folk will do... > You can check in the hotplugging > script whether device has given VendorId and ProductId and > then take the proper action e.g.: > -giving proper persmission to user > -mounting device with proper rights > > What is wrong with that? Well for starters, the notion that those two characteristics are enough to address the problem. Consider that I might have two USB disk drives (or cameras) of the same make/model, and they might get connected in any order. Don't export that finance data over the network, now ... In that case there's some additional device uniquification that can be leveraged (disk partition info, for one example), but for the typical case that doesn't exist. Most devices don't have serial numbers, so they can't be told apart that way. Often people will cable things together in stable ways (this webcam to this connector, that one goes there instead), but that's just one of the possible policies. I suppose there are configurations where the devices can be assumed to be interchangeable. But I can't assume that based on device ID, or class ... a kiosk with multiple keypads and pointers is going to want physical configuration to matter for assigning the names used by apps, unlike a workstation user who's swapping a broken mouse for one that works (and there is no potential for confusion). What I was getting at is that assigning names at the "logical" layer, where function matters, changes in a hotpluggable world. Assigning those function-based names in the kernel is part of the problem: it can maybe make a decent first guess, but before the device is advertised to the world, something smarter (like a user mode policy agent) may need to apply some real intelligence to the problem. - Dave _______________________________________________ [EMAIL PROTECTED] To unsubscribe, use the last form field at: https://lists.sourceforge.net/lists/listinfo/linux-usb-devel
